x:\Projects\ProductwiseToolbar\Sources\VS_Projects\Update Centre\Update Centre\Release\bin\stbsvc.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 82a7efa2a3e6fa0ab548781049a427fd_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 82a7efa2a3e6fa0ab548781049a427fd_JaffaCakes118.exe
Resource: win10v2004-20240730-en
General
Target: 82a7efa2a3e6fa0ab548781049a427fd_JaffaCakes118
Size: 848KB
MD5: 82a7efa2a3e6fa0ab548781049a427fd
SHA1: 8c8bbbe4e0c2e0dcf534c4a4420052f5f6500bb3
SHA256: f20c36fd2120bd7583f4dde70028b120d87095574558e9141efd651f1e3ec1bd
SHA512: 2cf0330ceb61c25559f539f1567e10eb5e07613e3d759c2b71bdb8cc45d8cf5694e4a3a5d85c459811051926840136c7c48c062717d7c2a76383faf08c8093e1
SSDEEP: 24576:3P6m0FK2gacNWfYb7WRvaMsMFwvYCPA7LnZSHobJkn:CmwKhWI0aMlOYCPCLQHpn
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 82a7efa2a3e6fa0ab548781049a427fd_JaffaCakes118
Files
82a7efa2a3e6fa0ab548781049a427fd_JaffaCakes118.exe windows:4 windows x86 arch:x86
de6931178a4ed91898face64b25c8f39
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
GetProcessMemoryInfo
kernel32
CreateEventW
DeleteFileA
DuplicateHandle
QueryDosDeviceW
GetTempPathW
FindResourceW
LoadResource
SizeofResource
DeleteFileW
FindClose
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
FindFirstFileW
CopyFileW
FindNextFileW
UnmapViewOfFile
CreateProcessW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
Sleep
ExitProcess
CreateThread
OpenThread
TerminateThread
GetCurrentProcessId
FormatMessageW
FreeLibrary
LocalFree
ExitThread
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
GetCurrentProcess
ReleaseMutex
CloseHandle
CreateMutexW
WaitForSingleObject
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetVersion
LoadLibraryA
GetLongPathNameW
LockResource
GetTempFileNameW
lstrcpyW
FlushInstructionCache
GetCurrentThreadId
GetExitCodeProcess
CompareStringW
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
WideCharToMultiByte
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetStartupInfoW
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameA
HeapSize
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
ReadFile
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetLocaleInfoW
CreateFileA
SetEndOfFile
CompareStringA
SetEnvironmentVariableA
SystemTimeToFileTime
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetFileSize
GetFileInformationByHandle
GetSystemTime
GlobalFree
GetVersionExW
OpenProcess
LocalAlloc
GlobalAlloc
RemoveDirectoryW
ResumeThread
lstrcmpW
GlobalLock
GlobalUnlock
CreateEventA
FindFirstFileA
WaitForMultipleObjects
FindNextFileA
SetEvent
SetConsoleMode
GetWindowsDirectoryA
GetProcessTimes
GetSystemTimeAdjustment
GetThreadTimes
GlobalMemoryStatus
GetOverlappedResult
CreateFileMappingA
GetEnvironmentVariableA
SetHandleInformation
CreateProcessA
CreatePipe
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateRemoteThread
user32
MonitorFromPoint
UnhookWindowsHookEx
CallNextHookEx
SetTimer
ModifyMenuW
GetClassInfoExW
CopyRect
GetMenuItemInfoW
SetMenuItemInfoW
IsMenu
SetWindowsHookExW
MoveWindow
GetWindowDC
KillTimer
InflateRect
GetKeyState
TrackPopupMenuEx
ClientToScreen
DrawFrameControl
DestroyMenu
AnimateWindow
SetScrollInfo
ShowScrollBar
GetScrollInfo
GetSysColorBrush
PeekMessageW
GetMessagePos
GetSubMenu
SetMenu
GetWindowThreadProcessId
GetMenuItemID
MessageBeep
GetMenuItemRect
FrameRect
DrawEdge
WindowFromPoint
RegisterWindowMessageW
IsWindowVisible
GetQueueStatus
GetMonitorInfoW
GetDlgCtrlID
SendMessageA
GetSystemMetrics
GetWindowRect
CallWindowProcW
IsWindow
CharLowerW
SetCapture
IsWindowEnabled
ScreenToClient
GetWindowTextLengthW
LoadStringW
wvsprintfW
CharNextW
GetClassNameW
EnumChildWindows
EnumWindows
SendMessageW
SetWindowTextW
EndDialog
RegisterClassExW
CreateWindowExW
DialogBoxParamW
GetWindowTextW
SetRectEmpty
IsRectEmpty
GetDesktopWindow
UnregisterClassA
CharUpperW
SetCursor
GetFocus
OffsetRect
GetCapture
GetParent
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetClipboardOwner
CopyImage
ReleaseCapture
ReleaseDC
GetDC
GetCursorPos
DrawFocusRect
GetForegroundWindow
MessageBoxW
wsprintfW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
ShowWindow
UpdateWindow
LoadIconW
LoadCursorW
InSendMessage
ReplyMessage
DestroyWindow
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcW
FindWindowW
PostMessageW
FillRect
DrawTextW
DestroyIcon
PtInRect
EnableWindow
InvalidateRect
GetActiveWindow
GetDlgItem
SetFocus
GetSysColor
CreatePopupMenu
GetMenuItemCount
InsertMenuW
AppendMenuW
GetWindowLongW
SetWindowLongW
SetRect
LoadImageW
FindWindowA
advapi32
CryptDestroyHash
CryptDeriveKey
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
RegEnumValueW
RegCreateKeyW
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
CryptGetKeyParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
GetUserNameA
CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptEncrypt
CryptCreateHash
RegEnumKeyExW
RegQueryInfoKeyW
ole32
RegisterDragDrop
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
OleRun
CoInitialize
CreateStreamOnHGlobal
ReleaseStgMedium
oleaut32
SysAllocStringByteLen
VariantClear
VariantCopy
VariantInit
SysAllocString
LoadTypeLi
SysStringByteLen
GetErrorInfo
SysFreeString
VarUI4FromStr
SysStringLen
DispCallFunc
VariantChangeType
OleLoadPicture
LoadRegTypeLi
productinfo
?Get_CLASS_NAME_TOOLBAR_FRAMEWORK@CProductInfo@@SA?AVCString@WTL@@XZ
?Create@CProductInfo@@SA_NHPAH@Z
?Get_UNIQUE_IDENTIFIER@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_ABOUTDLG_LINK@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_ABOUTDLG_LOGO_BASENAME@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_ABOUTDLG_LINK_TEXT@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_ABOUTDLG_COPYRIGHT@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_EDITDLG_SUBSCRIBE@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_CLASS_NAME_UPDATE_CENTRE@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_TASK_LIST_OF_UPDATE_CENTRE@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_COMPANY_NAME@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_PRODUCT_NAME@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_PRODUCT_BAND@CProductInfo@@SA?AVCString@WTL@@XZ
wininet
HttpQueryInfoW
DeleteUrlCacheEntryA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetCheckConnectionW
InternetGetConnectedStateExW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetQueryDataAvailable
InternetOpenA
HttpOpenRequestW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
gdi32
GetClipBox
SetBrushOrgEx
RestoreDC
SaveDC
GetTextExtentPoint32W
Rectangle
SetWindowExtEx
GetWindowExtEx
SetViewportExtEx
GetViewportExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ExtTextOutW
CreatePen
CreateSolidBrush
GetDIBits
StretchBlt
CreateDCW
CreateCompatibleDC
SetBkColor
BitBlt
DPtoLP
GetMapMode
CreateFontW
CreateBitmap
CreatePatternBrush
SetMapMode
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
DeleteDC
GetObjectW
SetTextColor
SetBkMode
SelectObject
LPtoDP
CreateCompatibleBitmap
shell32
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
msimg32
GradientFill
iphlpapi
GetAdaptersInfo
Sections
.text Size: 644KB - Virtual size: 643KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 180KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ